How to Be an Ethical Hacker in 2021

Captions
it is 2021 and you want to be an ethical hacker well you've come to the right place my name is the cyber mentor and i do thank you for joining me in this video we're going to be talking about how to become an ethical hacker in 2021. we'll talk about the steps you need to take the path the journey some of the fundamentals that you need to have in order to be an ethical hacker so with that being said if you like the video please do hit the like button consider subscribing to the channel and do comment down below especially if you have any questions comments concerns anything at all with that being said let's go ahead and jump right in to the video before we get started i do have to say that this video is sponsored by intigriti now if you see this little logo on my shirt that is the awesome little intigriti logo and if we take a look at their website you can see that they are a european based ethical hacking and bug bounty platform all of their clients are based in europe it does not mean that you have to be from europe to hack on their platform so if you want to earn some money you want to do some cool stuff do some hacking and do it legally intigriti is a great place to do it all you have to do is come in here and sign up i actually have a link in the description below also put the link on the screen right now if you're interested sign up go to the public programs look them up and just start hacking away find some bugs earn some money and do great things okay so this video is actually going to be based on what started out as a twitter thread that got thousands of likes and then we moved into posting it on an actual blog and that got a ton of great feedback as well a ton of upvotes on reddit linkedin all over the place okay so i said you know what there are people that they're just reading's not for them i'm one of those people actually i'd rather watch a video digest it have a complete digestible path so that's what this video is going to be about so i'm really 
excited to kind of talk about where we need to go and what paths we need to take to get into ethical hacking all right so before we begin i need to stress a couple of things the first thing is that you need to have a strong foundation in a few different topics in order to be able to have a successful ethical hacking career think of building a house if you build a house on a weak foundation that foundation could collapse and then you're screwed right so if you think about it with ethical hacking if you start building skills with hacking you just jump right into it you're either going to be lost or you're going to lose some of the fundamentals that you should have and then your foundation is going to be weaker than it should be so it is critical to build up a strong foundation first if you build that weak foundation there's chances that you're going to spend even more time trying to go back and figure out what it is you missed and you could have just spent the time on it to begin with so also the other thing to point out is that ethical hacking is an incredibly cool field it sounds awesome it sounds sexy it is sexy you get to break into people's stuff for a living you get paid to do that that's awesome right however there are i don't know downsides there's things that people just don't realize that i need to point out before we get started this is kind of the disclaimer before we get into everything so i want to make sure that you're aware what you're getting yourself into before you just dive in head first into the deep end before learning how to swim now we have very good jobs in ethical hacking we have very high salaries i like to think of it as basic economics if you have a high salary and we have a job shortage which we do we don't have enough people to fill the jobs that we have well that's going to skyrocket the salaries we have supply and demand a lot of demand not enough supply salaries are skyrocketing it looks attractive the idea of hacking is attractive 
but what people don't realize is it is a complicated and rough journey to get there a lot of people burn out on the concept of breaking into the field of cyber security and ethical hacking because they don't realize what it actually takes to break in okay so with that being said we have to have certain personality traits to be successful in ethical hacking the biggest one is that you have to be a lifelong learner you have to be somebody that is willing to put in the effort all the time you cannot be somebody that just gets to the point to where hey you're an ethical hacker and then you check out you can't be complacent you see people that are complacent in all walks of life and all different types of jobs there's people being happy with where they're at working in the same field for five years 10 years they can be a junior level person and just be content that is not the personality type of an ethical hacker an ethical hacker is somebody that goes home and they study and they're always learning because stuff is always changing things are always moving there's always new cyber attacks there's always new defenses to those attacks it's a cat and mouse game that is never ending so if you're the type of person that doesn't want to put in the work that doesn't want to study if you're complacent this is not the field for you click x on the video right now get out of here okay if it still sounds interesting if you think that when you get into the ethical hacking field this is going to be the field for you this is going to be something where you go to work every day and you say hey i love this this doesn't feel like work i could put 60 hours in and it's fantastic then you're in the right place let's keep on going so with that disclaimer out of the way i want to go ahead and talk about the foundations and with that we're going to move to my computer so the first basic foundational skill you're going to want is basic i.t skills so by this i mean your standard break fix help 
desk type skill set can you build a computer can you identify its parts can you troubleshoot and fix issues this is similar to what would be the comptia a plus certification so if you've never heard of any of this if you're kind of weak in your basic computer skills then i've got some resources for you now you can utilize the time stamps below by the way if you say hey i'm good with basic i.t you can kind of skip to your foundational timestamp if you're past the foundations you want to get right into the hacking just go ahead and do that as well so from here let's go ahead and take a look at a couple of the resources that i have and truly adore for the a plus now the first resource is professor messer he is absolutely fantastic if you have never heard of professor messer he is a resource that is great for not only this a plus comptia based certification here which is that intro level help desk certification uh he's good for if you see up here network plus security plus as well this is all free training so if you just go to professormesser.com and all of the links that i'm going to be talking about are also going to be in the blog post that i put out so i'm going to link the blog post in the description below so if you want to find any of these links just go to the blog post and you'll be able to click on any of these directly in order so if you scroll through here really quickly you'll see that hey he goes right through the a plus training material it talks about mobile devices networking hardware etc so this is your i've never taken a or i've never built a computer i've never done any troubleshooting on a computer type deal and it's a fantastic free great resource now the next website i want to show you is a paid website so i'm not even sure how much cbt nuggets cost at this point i think it's probably close to 90 or 100 a month but don't quote me on that there's pricing up here for comptia a plus this is a great resource too you can come here click on comptia a 
plus core one and you'll see your teachers keith barker here is a fantastic resource i actually used him for my a plus net plus security plus as well on top of professor messer i think they're both great if you have a short attention span comp or this cbt nuggets is great because they're like five minute ten minute videos and they're very very entertaining very easy to get through and just simple so professor messer cbt nuggets you're going to hear me beat that drum a couple times coming up the second foundational skill that we want to talk about are networking skills so networking skills are incredibly important when it comes to ethical hacking if i were to say to you right now can you describe the osi model can you tell me what service is running on port 22 can you tell me what the tcp three-way handshake is can you describe it to me can you tell me what cidr notation is can you do subnetting uh if i'm if i'm sounding like i'm just spouting out pure gibberish to you then congratulations you need networking skills now on top of what i just showed you professor messer is fantastic cbt nuggets fantastic as well but there's a couple other resources i want to share now the first resource is a gentleman by the name of mike meyers this is a certification course for the network plus now i'm showing you a bunch of certification courses it doesn't mean that you have to go and take the certification although if you want the certification it's definitely good to have especially some of these beginner level certifications for getting a job and moving up but you don't have to get it it's not necessary i'm trying to show you the cheapest things possible to still educate you so mike meyers is fantastic when i was going through my network plus certification and learning about networking i was trying to learn from professor messer i think he's good the only downside to professor messer in the network plus that i thought of at least my opinion was that he went in order of the 
syllabus so comptia says hey you need to go through this specific order and he did it however mike meyers he took the comptia syllabus and he arranged it in a logical format so he doesn't follow it directly but he still covers all the topics that are necessary to pass the exam he breaks things down for you like you are a five-year-old he uses literal building blocks to show packets and different stuff and i think it's really really smart in a creative way to actually teach so mike meyers hands down is my favorite resource somebody also mentioned to me that this is potentially free on linkedin learning so if you go look for linkedin you might be able to find this free otherwise it's ten dollars it's not too bad and i think it's a great resource for what you get out of it 23 hours of video content the other resource to mention is cisco packet tracer now i think this is good in conjunction with something like cbt nuggets and a ccna course you can see that here for ccna this is a great resource this is meant for teaching you cisco equipment cisco command line and just get the basics down now if you go to this website there is an introduction to packet tracer and this will kind of teach you the basics or beginner of some of the networking and some of the cisco stuff i do think it goes really well or hand in hand with a ccna type course now you don't have to use cbt nuggets as that subscription again is a little bit on the expensive side you could look for a course out on youtube or you could look for a course on udemy or anything along those lines but this course itself is a free resource and i think having a ccna is something that is beneficial for being an ethical hacker so it's another one of those certifications to consider it goes a little bit above and beyond the network plus but is still one of those good foundational certifications or at least skill sets to have all right skill set number three linux we use a lot of linux in ethical hacking primarily we use what's 
called a debian based distribution now typically we use something called kali linux or also parrot linux you'll see some hackers actually choose to use their own builds and distributions but it typically is kali or parrot they usually dominate the industry now fortunately for us there are a multitude of free resources out there for individuals interested in linux now i'm going to provide you those in a second but i want to tell you that learning linux is similar to learning a foreign language you can go to school you can educate yourself you can have somebody teach you and that's good you're going to learn but if you dropped yourself in the middle of a country and didn't know how to speak the language and just kind of picked it up as you went by just riding the struggle bus you're going to pick it up a lot faster in my opinion so i recommend just installing linux using it as your main operating system for a week just a week just struggle through it figure out how it is to operate it now it doesn't mean you can't use that in conjunction with courses or materials you sure should but it helps to just immerse yourself in the environment and learn that way now with that being said here are a couple of my favorite resources for learning linux okay the first resource is linuxjourney.com now if you just go to linuxjourney.com you come through here it has all sorts of awesome lessons just awesome lessons look at all these it even recommends books if you want to learn from a book but you just click on these lessons here you can get started and look this just talks about all the different types they have exercises they have quizzes it is amazing a fantastic resource and you can just use this website easy free beautiful all right the other resource that i like to recommend is a resource called over the wire so this is a resource where you come in here and you just try to learn linux through doing some challenges now you see they have all these different challenges over on the 
side so they have these war games the one i'm in right here is called bandit you start with level zero it tells you what your goal is you need to connect to the lab now this is going to be on a little bit of an advanced side you have to figure out how to log in with ssh if you've never done that you might want to start with the linux journey first understand that and then just come in here and start doing the levels and it's kind of giving you hints it says hey okay if you've never used ssh before you might need to use that command if you don't know what it is come in here and read about it okay you complete the level guess what you get to come in here you get to learn some more commands i think it's fairly awesome way to learn linux again riding the struggle bus just learning gamifying it just a little bit and having fun so these are my two favorite resources for sending people to learn linux on top of this on top of this you can also use youtube udemy there's all tons of platforms out there if you look on my channel i even have a learning linux for ethical hackers videos so there's short video series all over the place for learning linux it should be something that you can absolutely do for free the last important foundational skill set that you should learn are coding skills now for coding and scripting you really need to be able to read code at a minimum to be successful in this field you do not have to be a full-on developer the better you are at coding the easier life will be however i've had a successful career without being a developer by any means i'm actually pretty terrible at coding so for coding i do recommend starting with python python is a very beginner friendly language to learn and there are a ton of resources out there for it now what i'm going to show you if you go looking on your own make sure and i'm going to stress this again make sure you look for learning python 3. 
python 2 is now deprecated it's end of life you might see resources for learning python 2. just avoid them it's better off to just learn python 3 at this point so let me show you some of my favorite resources so my first resource is a website called codecademy if you come over here you can just click on python and they have different courses here now they have a python3 course you can see all the different things that they've got here's the python 3 beginner friendly course i would recommend starting with this now you see it is a pro course that means that it could cost money however the nice thing about codecademy is that even though this is a pro course and it does require a subscription they give you a seven day free trial without having to pay without having to sign up with a credit card without having to do any of that you literally just register and you can begin this course now if you go to the course it's really really nice you get to learn all different sorts of things they have a built-in code reader is an easy way to put it to just utilize your code on the website you don't have to download anything you don't have to implement anything it's all right here there's challenges there's lessons it is absolutely fantastic so i highly recommend codecademy on the other hand another website that i think is top notch is a website called team treehouse now you can see that it has a seven day free trial as well and then it's twenty dollars a month one hundred percent worth the twenty dollars a month if you ask me the videos are high quality they have all sorts of lessons and for 20 a month you get access to everything so you can see that they have these tech degrees you can come into courses and kind of look through the different courses that they have i would look for python here but you can learn all sorts of different coding if you're interested in it this is a great great website i've used it for a lot of different coding background now i could not leave this 
video without putting free code camp in here free code camp is a great resource you can look them up on youtube they also have a website called freecodecamp.org they are a non-profit all they do is teach code i've had the pleasure of teaching courses for them i've had the pleasure of being on their channel you can see they have some python stuff in here again some of the curriculum that they might have might include python 2 so make sure that you check it out and make sure that it has python 3 but you can just click on their website go to their youtube channel and you can see look python in four hours but this is from two years ago so make sure if you look at this that you're checking it out and you're seeing uh that there are you know there's python three on there and if you take a quick little peek you can see hey i've got a course right here too so anyway with that being said we are now through the foundation so let's go ahead and move back we'll chat for a minute and then we'll move on to what's next okay you are through the foundations you've got the foundations now what do you do you're ready to start learning ethical hacking where do we start now i'm going to be a little bit biased though i do strongly believe that i am a a good resource for this i do want to point out that i have a course for this okay now this is where i think you should start though i'm going to provide other resources as well if you go to tcm security academy you scroll down just a little bit there's a course right here called practical ethical hacking you click on that there are 25 hours of lessons in here that start out with let's look at it okay networking linux python remember the foundational skills i said you should have they're here as well and the cool thing about this course is that if you click on the preview button you'll see anywhere there's a preview button all the way through all this attack and hacking stuff the first 10 hours or so this course are completely free you can 
come in here learn you don't have to pay a cent you don't have to log in you don't have to sign up you don't have to do anything okay so you're going to learn all about hacking all the way through the first 10 hours if you are interested in learning exploit development active directory and beyond some of the really really fun stuff web apps etc you're going to have to come in here you're going to have to pay for it unfortunately but there are 10 hours of free material here so i really highly strongly recommend coming here first because it does teach the basics now beyond that you also have the opportunity to learn this for free so i released a similar course in 2019 you saw the free code camp just a second ago with a 3.5 million views this is the same videos just on my channel you can come in here and see that there are 15 hours of video content here so it's a little more out of date it's a little bit older of content but if you're looking to just learn for free completely you can come in here and learn through a lot of this material as well and there's there's 15 hours of content here highly recommend doing that as well so pick your poison okay beyond this i think it is great to start practicing with what are called intentionally vulnerable rooms or machines okay there are a few websites out there i'm going to show you a few different ones but the are these machines are intentionally vulnerable meaning that they're meant to be hacked now try hack me is by far right now my favorite resource for for learning this kind of stuff the nice thing is a lot of this stuff is free if you come here to activities they have different learning modules that you can come in and work on they have different learning paths so if you're a complete beginner you can start right here they've got pen testing they've got even pentest plus related material if you're looking for a certification it is absolutely awesome they've also got different networks active directory hacking all kinds of 
stuff okay it is ten dollars a month i think it's fantastic the rooms are user designed you can come in here let's see if they'll let us look at it without even signing in basically what i like about this is if you come into their their website it holds your hand this is a hand-holding website like if you've never learned anything about linux fundamentals this will walk you through all the fundamentals it is fantastic same thing with networking and all these other things that they have it is a great great website for 10 a month they do have free rooms like if you just saw what i clicked on free free free i do recommend throwing ten dollars a month their way and getting access to some of the vip stuff and some of the more advanced hacking stuff as well so in conjunction with this there is a website called hack the box hackthebox.eu you can come in here it's very similar to try hack me in the sense that you are trying to come in here and hack some of these machines now the only difference is you have to hack your way into hack the box so you have to hack your way into getting this and i think honestly it's a little bit more advanced i would not start with hack the box i would go to hack the box once you've kind of got some experience on your belt and you want to go challenge yourself and just have a little bit of fun i would start with try hack me and then go to hack the box but i wanted to present that as being out there now the other website i'm not going to show i'm just going to mention is a website called vulnhub.com these are machines that you can download and then locally try to break into as well now all of these are what is considered ctf style capture the flag you're basically trying to break into a machine and you're trying to own that machine you want to be system or you want to be root at the end of the day you're trying to capture the flag that is on that machine so if you enjoy this it's not really it's not the best way to be a pen tester per se 
there's overlap and a lot of the skill sets and the methodology and the thought process it's a little gamified because it's meant to be a challenge it's not something that you might necessarily see in a real environment but it's fun okay it's fun it's challenging it's a good time so if you enjoy this i also have a website that i can recommend to you that website is ctftime.org you can come to this website and they have events called capture the flag events you can come in here and just look through some of these and say hey oh here's an event going on can i just click on that and just go participate a lot of these events allow remote access they allow you to just participate and they're open to anyone and everyone so come read through these participate in some ctf events my recommendation is if you are interested and you participate and then you struggle or you want to see how something was done you couldn't figure out some of the the flags come look through the write-ups okay you can read the write-ups you can click on one of these and it'll say hey here's exactly how i solve this some of these are you know a little bit better than others this is pretty you can click in here and see if you have more details but this will tell you hey here's how we solve this here's the tools we use and that will help you understand uh the methodology behind it and get better for the next time okay once you have made your way through some try hack me machines you're doing some hack the box you've done the course that i recommended now what do you do well we're going to get beyond the basics we're going to talk about active directory now active directory hacking in my opinion is one of the most overlooked categories by people looking to break into the hacking field given that 95 or more or so of the fortune 1000 companies that utilize active directory in their environments it's incredibly significant skill set to learn now active directory comes up a ton in interviews and i find 
that a lot of people that i've interviewed in the past that have the shiny certifications we'll talk about but didn't really have any work experience they kind of really struggled with the topic of active directory so this is something that if you're looking to get in the field you really need to prepare for this topic and make sure because it's definitely going to come up in interviews now if you saw my course you saw that there was probably i don't know five or six hours on the topic of active directory hacking if you go through that course that will give you a solid solid foundation for this section this is going above and beyond those sections okay so what i'm going to show you here are a few places to start now the first thing that i want to mention is an article that i started with when i was brand new now that was this article here the top five ways i got domain admin on your internal network before lunch 2018 edition the crazy thing about this article is that everything still works it is three years later and all of these attacks we still use on active directory hacking so please read this article understand why the attacks are important if you go through the course that i mentioned you will note that all these attacks exist within that course you get to get hands-on and try them out above and beyond that let's talk about pen tester academy and a couple of other courses now pentester academy is a great resource for learning active directory hacking they have what is called the red team labs up here i think they are in the three to four hundred dollar range you get access to an environment you get access to uh videos and coursework and pdfs and stuff like that and you get to learn how to hack active directory it is a fantastic resource something worth checking out the other course i want to mention is a course from zero point security which is called red team ops this is a course that is also based on active directory you can look at the syllabus here and 
kind of look through the different attacks that they have but it is always sold out honestly always sold out this this course has a long waiting list it is um from everything i've heard a fantastic resource for learning active directory hacking as well so something to consider on top of everything that i've showed you now last but not least i want to point out some blogs that are worth reading and people worth following now i'm not going to go through everybody that i mentioned in my blog just because i don't want to bog down this video too much i'm just going to show you one blog and i'm going to mention them by name if you're interested in learning more about active directory please go check these people out okay so the first person is sean metcalf his name is pyrotek3 on twitter and he has this blog here called adsecurity.org you come here you can read all about active directory attacks uh and it's just a fantastic resource i think it's the best resource on active directory attacks and blogging in general in active directory that is out there i will note that anything that i'm going to show you is pretty heavy stuff so if you're not familiar with active directory i definitely wouldn't start here i would learn more about directory learn the basics and then dive into this stuff on top of that anything by a gentleman named dirk-jan dirkjanm.io hausec.com again i'm not going to put all these out but just go look at the blog you can go see them anything by specterops cptjesus byt3bl33d3r gentilkiwi harmj0y any of those people are fantastic resources okay fantastic resources to get into active directory hacking next up is web application hacking and web application hacking is in high demand right now you might see the bug bounty posts like we mentioned intigriti earlier the bug bounty platform almost all of that is web application or maybe some mobile application there's some other stuff too but most of it's web application hacking and that's where the the 
big money is right now that's where a lot of the industry is moving and there are literally just jobs out there for people who are web application hackers you don't have to know the network stuff really you don't have to know any of that other stuff just if you're good at web app hacking there there's work for you and there will be work for you for a long time so if you're interested in this field and you kind of want to learn the stuff i've got a ton of resources so many resources that i actually am just going to keep it in a tab here and we're going to go through these tabs really quick one by one so hacker 101 is a great resource here you can go look at the video lessons so they've got video lessons here on learning the different stuff you can play with capture the flag you can sign in and if you do the capture the flag game that they have you can actually get access to some of their private bug bounty programs which i think is cool you can come through here and look at the different playlists that they have for all the different types of exploits and even the pen test series which was done by no other than me here so something to consider as well all free resources by the way the port swigger web security academy is another great resource you come in here and learn all different sorts of attacks through their labs that they have this is just a tiny amount of labs comparatively to the view all labs hands-on great exercises very detailed and just amazing amazing stuff i highly highly recommend the web application or the web security academy as well another hacker site another university bug crowd university come through here watch some of the videos that they have the different webinars i think these are great pentester lab has to be mentioned this one is not free i lied to you this one is not free okay but it does have exercises there are actually some some free exercises here i believe but you have you want the pro honestly if you're going to do this they've 
got different things you can come in here as well and look at all the lessons that they have just for web application hacking i mean it's amazing stuff so something to consider they've also got a boot camp they've got a lot of awesome things that you can do and this all ties into the web app stuff now this might be overwhelming i'm just throwing all kinds of stuff at you this is what i'm talking about when i said earlier in the video that there is a there are a ton of resources there's a lot of studying and learning to do and this is why people kind of get overwhelmed it's absolutely true this journey into hacking is a long one but it's something that if you put in the work and you do the studying and you are motivated this is a very very rewarding field all right on to the second half i am going to uh be biased again self plug i've got a course on youtube if you just search beginner web application hacking five hour course 100 free you don't have to do anything not to pay me a dollar okay um so another resource out there get your hands dirty with some hacking i have to mention also owasp.org now owasp.org here is the primary resource for all things web application security and web application hacking type deal so if you look at the owasp top 10 project this is the top 10 security with security risks in application security so you see they've got injection as the top one so things like sql injection ldap injection etc some of these other ones like cross-site scripting and these are things like you're going to get interviewed on like you will be in an interview and they'll say hey what is the number one uh application security risk in the owasp top ten and you're gonna have to say hey it's injection and they're gonna say okay what is injection you're gonna tell them what injection is they might say how do you defend against injection you might have to tell them that so knowing your top ten super important for more than just one reason okay on top of that the web application 
security testing guide is an amazing resource you can come in here you can just literally click on the repo they've got a pdf version they have books they have all kinds of stuff that you can just read through and learn how to pen test and it goes step by step holds your hand and explains everything like you are five which i i truly love last but not least you can google bug bounty write-ups you can google um all sorts of things if you are looking for i would i mean just you could easily just go like hey i want to see a cross-site scripting write-up or i want to see anything you can come to a site like hackerone.com forward slash activity you can use google you can look at blog posts there are all kinds of material out there for this so there is all kinds of material out there for this okay so like like this for example this is something that was a twitter hack not that long ago that somebody got paid seventy seven hundred dollars for look you can come through here and read the write up on how they did it this shows you how they did it this is awesome stuff and they got paid money for it a lot of money for it okay so this is something to just kind of go through and look at and kind of read and just on top of studying hacking and on top of everything else see other people's methodologies see their resources see their write-ups etc next up is wireless hacking now i know a lot of people that began their hacking interest in trying to hack wireless networks now you should do this ethically okay don't go out and try to hack your neighbor's wi-fi try to hack your own it is incredibly basic and straightforward and easy but we do wireless assessments and you could literally learn how to do a wireless assessment or wireless hacking from a blog post and just having the right equipment which is maybe 20 30 spent on amazon it's not that difficult okay so i'm gonna bring this over i'm just gonna make this i'm gonna do this real quick and like literally this this blog post will 
teach you how to run the attacks how to to do what you need to do and within 30 minutes you can be hacking networks it's pretty cool honestly so there's there's really two types of networks that we're focusing on anymore there's wpa2 and so there's wpa2 personal which is like a pre-shared key you can think of your home network so if you you have i don't know password123 as your wi-fi password um all we have to do is intercept the handshake and then we can if you have a weak password more likely than not we're going to crack it wpa2 enterprise is a little bit more complex though you can go learn about those through blog posts as well you can learn about evil twin attacks all different sorts of attacks i just want you to be familiar with hey wireless hacking is a thing you should be familiar with it and you should know the basics of it and if you do that you can pick most of that stuff up from a a blog post or you could go watch some youtube videos or at worst you can go spend ten dollars on a udemy course okay but it's fairly straightforward all right the next thing to discuss are certifications you hear people talk about certifications all the time ethical hacking certifications are no different there are a million of them out there and there's only a few that are really really really worth it if you ask me now you'll hear a lot of people talking about the ceh or the certified ethical hacker you hear people talking about the comptia pentest plus in my opinion you should avoid both of these okay unless you have a job purpose requirement which is something like the dod 8570 or you need some sort of job requirement where you need this certification i do not think that they are worth the time or the effort so as of this posting okay as of this video there's only one certification that i find to be the most valuable to have the highest return on investment that is not saying that this is the only certification out there that is worth it i'm saying this is the one that 
i'm going to point you to first beyond these certifications there are other ones out there there are organizations such as sans there's organizations like ine and elearn security that have great value and they have great courses and great instructors however they are more expensive than the certification i'm going to show you and their return on investment is arguably less now regardless of the certification you choose and you should choose one to be competitive in the job market you're going to have to have skills in basic exploit development and privilege escalation to be successful in these certifications now i will talk about that in a second let's go ahead and take a peek really quick at the certification of choice now certification of choice for me as of right now is the oscp so you see the oscp here from offensive security it is the gold standard it's about anywhere from a thousand to thirteen hundred dollars and you basically uh let's see it is yeah a thousand thirteen fifty um depending on what you're gonna do you learn the basics you learn you know you learn how to hack um but it is a very challenging environment it's something that people are afraid of it's something that people fail a lot because it is hands-on hacking the exam is 24 hours you have to hack five machines um but this is one of those kind of gatekeeper certifications the the oscp by the way is not going to teach you everything you need to know to be a hacker like this is something that is a should have on your resume but it's not something that is going to get you the job per se uh albeit i've seen people get jobs just getting the oscp and nothing else most of the times you have to go back and learn that active directory that web app that wireless stuff to be competitive okay but this is kind of the place that you need to have something to to stand out on your resume this is one of those things now when i took the oscp i think it was around a thousand bucks when i took it uh my salary 
jumped up twenty thousand dollars as soon as i passed it i got a job i was being a pen tester and i mean the return on investment spend a thousand get twenty thousand salary pretty good for me okay so consider this don't fear the hype of this certification by the way if you heard about it and you're interested in it don't don't fear it it is a beginner level certification at the end of the day it is something that you just kind of have to get over get through it's one of those you ride the struggle bus you succeed you're done okay now with that being said there are two topics that are a part of this that you're going to need to learn the first one is what's called exploit development now this is you can see here buffer overflows basic basic buffer overflows now this is not just for the oscp but like the ecppt which is from elearn security or ine there's other certification exams too that have these exploit development type aspects to them if you're if you're interested in that and you need to learn a basic buffer overflow i have a video series which i'm just going to open it up and bring it over here so i have this series here i'm buffer overflows made easy again it's one of those things that's free easy to do you don't have to really do that much with it and you can learn a lot so it's it's one of those things i feel like are over hyped from a lot of people like oh my gosh i have to learn buffer overflows it's really not that bad also if you go to our blog there is a blog post on it and you can see all the details in here on what you need to do to perform a buffer overflow again it's really not that bad it's fairly straightforward if you could do the buffer overflow from the video from the article you will be fine on any of the exams that you do additionally there is a tryhackme room made by a gentleman named tiberius or tibsec here it is buffer overflow prep you just come in here you can see all the different types of overflows that he has and it's basically 
meant to prep you for the oscp so a great resource again as always everything that i'm listing or talking about now is going to be um a part of the blog post so if you're interested in any of this just go find those links there now i'm bringing up and you can hear the these these are probably gonna have a little bit of talking but um live overflow and also uh gynvael i always say his name wrong but both of these channels by the way if you're interested in taking exploit development above and beyond what you're going to learn in the oscp you're gonna learn in these blog posts these are two channels to follow okay two channels to follow live overflow is huge he's a huge youtuber um this this guy not so much only 20 000 subscribers but he has fantastic videos and resources as well in terms of learning uh how to exploit development learning assembly stuff like that so please consider checking out their channels as well now the other topic we have to talk about for something like the oscp is the topic of privilege escalation now i'm going to pimp out my course one more time but we have privilege escalation here so when we talk about privilege escalation we're talking about escalating our privileges on a machine now if you're hacking into a machine and you get to a machine that is um you know you get in and you're a lower level user basically you're not an administrator well you need to escalate your privileges on that machine so you take your you you take what you learn or what's around you you enumerate you figure out how you can hack that machine elevate your privileges and completely own that machine now if you're doing an exam it doesn't have to be the oscp but you do an exam you do ctf type stuff any of the try hack me hack the box they're all going to have some form of privilege escalation that you need to know to be successful now i've got a windows course and a linux course for how to enumerate and escalate there are also courses out there by tiberius who i just 
mentioned for the try hackme room that he built here and we also have free labs for this on tryhackme there are privilege escalation labs and stuff out there on top of learning privilege escalation there are from a course there are a ton of guides like here's a guide here i'm learning linux privilege escalation and you can take this and google a bunch of different guides as well and figure a lot of this out but i highly highly recommend doing the courses as they will guide you hold your hand and help you learn some of these tips and tricks okay and we're nearing the end of the video and it's i feel like it's been long winded i know it's going to be a long video but it has to be it's one of those like you have to have all the material that i can provide you and i want to put out there and even even in this video because it's so long i'm kind of i don't want to say skimping but i'm skipping over of some of the topics that i really want you to go learn and study now the last thing i want to show you here is i want to show you just some of the resources that i think are valuable now this is going to be on the blog post i'm not going to go one by one i'm just going to kind of quickly go over this let's take a look one more time at the blog post and then we're going to go ahead and cap this out so near the bottom of the blog post here if you scroll all the way towards the bottom you're going to see a section called content creators i would love to come in here and just show everybody's youtube channel and how awesome they are and all their twitch channels and stuff there's just a lot okay um these are my recommended follows if you are if you're looking at these people this is somebody that you should definitely be following and you should watch their twitch stream or their youtube channel or however it is you want to absorb your information now here in the general hacking section these are the people that i find incredibly valuable for just overall general hackers could 
be ctf could be just your everyday hacking okay um from a web app or bug bounty perspective if you're interested in that side of the house these are my recommended people highly highly recommend to go through this list check them out see which ones you like and take it from there last but not least i think that communities are super important muy importante okay you should join a discord community a slack community whatever it is that you know really gets you going but the benefit of a community is that you can go and ask people for help you can go help others you get to network with other people i cannot tell you the amount of people that just in my discord community alone have found jobs because of people they met have found jobs because of the resume help that we provided or just from the learning experience and it's just a great place overall to meet people we're all a tight-knit community in this hacker community and it's it's great to be able to meet other people and to have friends and you know you get together at conferences and meet each other and it's a great great place to be so i'm going to shamelessly plug one last time i have a community here tcm sec discord we've got 20 something thousand people in the community um there's also netsec focus which i think is great nahamsec which you see up here as a bug bounty hunter if you're interested in bug bounties he has a discord as well that i think is great and last but not least if you have ever served in the military and you're a military veteran or you're active in the military i do recommend checking out the slack community at vetsec over at veteransec.com another great place to learn and to just network with other individuals all right i am literally going hoarse i'm exhausted my voice is i'm losing my voice here and i have put together this entirety of resources um it's not all-inclusive there's other resources out there but this i swear to you if you take the path that is in this video that 
is in the blog post and you you stick to it you spend your 2021 learning the materials that are in there you will be on your path and the right path to becoming an ethical hacker okay this is the this is the place to be this is the technical side of things now there's more to learning to be an ethical hacker from a reporting perspective from a just being able to present and write perspective and that's stuff that you'll you'll have to learn too as you go but from a technical side you want to be a hacker this is where you start this is what you do so again i really want to thank you for watching this video if you made it all the way through round of applause good job thanks again to intigriti for sponsoring this video and thank you for being a subscriber if you are if you're not please again consider hitting the bell subscribing uh hitting that like button commenting down below so that's it for this video until next time my name is the cyber mentor and i do thank you for joining me peace out
Info
Channel: The Cyber Mentor
Views: 243,595
Rating: 4.9629631 out of 5
Id: mdsChhW056A
Length: 47min 28sec (2848 seconds)
Published: Wed Jan 06 2021